
Update tainted-refs npm dependencies
Closed, Resolved · Public · 5 Estimated Story Points

Description

docker-compose run --rm node npm audit reports 158 vulnerabilities (135 low, 7 moderate, 16 high).

A few of the vulnerabilities rated high are resolved by updating to the next higher versions of storybook and vue-cli. Termbox and data-bridge recently did similar updates. Both should be easy to update and come with built-in commands to update. See

AC:

  • uses @storybook/* 6
    • uses the new syntax for stories
    • uses controls instead of knobs (if any are present)
  • uses @vue/cli-* 4
  • uses sass-loader 8 instead of 7
  • npm package vulnerabilities are minimized
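
One way to check the last AC item mechanically, as an added example that is not part of the original task or of the Wikibase code base: compare the per-severity summary of two `npm audit --json` reports and flag any severity whose count grew. It assumes the `metadata.vulnerabilities` summary object in the audit JSON; the function names and the "after" report are hypothetical.

```javascript
// Added example: compare severity counts from two `npm audit --json` reports.
const SEVERITIES = ['info', 'low', 'moderate', 'high', 'critical'];

// Extract per-severity counts. A report without the summary block (for
// example when the audit request itself failed) is rejected, so an error
// is never read as "0 vulnerabilities".
function severityCounts(report) {
  const counts = report && report.metadata && report.metadata.vulnerabilities;
  if (!counts || typeof counts !== 'object') {
    throw new Error('audit report has no metadata.vulnerabilities');
  }
  const out = {};
  for (const s of SEVERITIES) {
    const n = counts[s] === undefined ? 0 : counts[s];
    if (!Number.isInteger(n) || n < 0) throw new Error(`bad count for ${s}`);
    out[s] = n;
  }
  return out;
}

// ok is true only if no severity has more findings than in the baseline.
function compareAudit(baseline, current) {
  const before = severityCounts(baseline);
  const after = severityCounts(current);
  const delta = {};
  const regressions = [];
  for (const s of SEVERITIES) {
    delta[s] = after[s] - before[s];
    if (delta[s] > 0) regressions.push(s);
  }
  const total = (c) => SEVERITIES.reduce((sum, s) => sum + c[s], 0);
  return {
    ok: regressions.length === 0,
    regressions,
    delta,
    totalBefore: total(before),
    totalAfter: total(after),
  };
}

// Constructed inputs: the baseline uses the counts quoted in the task
// description; the "after" report is invented for illustration.
const BASELINE = { metadata: { vulnerabilities: { low: 135, moderate: 7, high: 16 } } };
const AFTER = { metadata: { vulnerabilities: { info: 0, low: 40, moderate: 9, high: 2, critical: 0 } } };

console.log(JSON.stringify(compareAudit(BASELINE, AFTER), null, 2));
```

A lower total can still hide a regression in one severity, which is why the comparison is made per severity rather than on the sum.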

Event Timeline

Restricted Application added a subscriber: Aklapper.

The AC has been updated to reflect a discussion in the tech prio session where we decided it won't be much effort to migrate the stories to the new syntax and use controls instead of knobs (if any are present).

noarave set the point value for this task to 5. Mar 11 2021, 11:04 AM

Change 678227 had a related patch set uploaded (by Tonina Zhelyazkova; author: Tonina Zhelyazkova):

[mediawiki/extensions/Wikibase@master] tainted-refs: Update Storybook to v6

https://gerrit.wikimedia.org/r/678227

Change 678227 merged by jenkins-bot:

[mediawiki/extensions/Wikibase@master] tainted-refs: Update Storybook to v6

https://gerrit.wikimedia.org/r/678227

Change 679274 had a related patch set uploaded (by Tonina Zhelyazkova; author: Tonina Zhelyazkova):

[mediawiki/extensions/Wikibase@master] tainted-refs: Update sass-loader from v7 to v8

https://gerrit.wikimedia.org/r/679274

Change 678802 had a related patch set uploaded (by Tonina Zhelyazkova; author: Tonina Zhelyazkova):

[mediawiki/extensions/Wikibase@master] tainted-refs: Update to vue-cli 4

https://gerrit.wikimedia.org/r/678802

Change 679334 had a related patch set uploaded (by Tonina Zhelyazkova; author: Tonina Zhelyazkova):

[mediawiki/extensions/Wikibase@master] tainted-refs: npm update

https://gerrit.wikimedia.org/r/679334

Change 679344 had a related patch set uploaded (by Tonina Zhelyazkova; author: Tonina Zhelyazkova):

[mediawiki/extensions/Wikibase@master] tainted-refs: Add a smoke test for Storybook

https://gerrit.wikimedia.org/r/679344

Change 678802 merged by jenkins-bot:

[mediawiki/extensions/Wikibase@master] tainted-refs: Update to vue-cli 4

https://gerrit.wikimedia.org/r/678802

Change 679344 merged by jenkins-bot:

[mediawiki/extensions/Wikibase@master] tainted-refs: Add a smoke test for Storybook

https://gerrit.wikimedia.org/r/679344

Change 679274 merged by jenkins-bot:

[mediawiki/extensions/Wikibase@master] tainted-refs: Update sass-loader from v7 to v8

https://gerrit.wikimedia.org/r/679274

Change 679334 merged by jenkins-bot:

[mediawiki/extensions/Wikibase@master] tainted-refs: npm update

https://gerrit.wikimedia.org/r/679334